From 66fca5136293ae4e02d7ec7b387c3ba3ebf87d7b Mon Sep 17 00:00:00 2001
From: Markus Uhlin
Date: Sat, 5 Apr 2025 13:09:42 +0200
Subject: got_attr_value: check half moves
---
 FICS/gamedb.c | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'FICS')
diff --git a/FICS/gamedb.c b/FICS/gamedb.c
index 7d094c2..abb31ff 100644
--- a/FICS/gamedb.c
+++ b/FICS/gamedb.c
@@ -1071,6 +1071,12 @@ got_attr_value(int g, char *attr, char *value, FILE *fp, char *file)
 if (garray[g].numHalfMoves == 0)
 return 0;
+ else if (garray[g].numHalfMoves < 0 ||
+ (size_t)garray[g].numHalfMoves > INT_MAX / sizeof(move_t)) {
+ warnx("%s: num half moves out-of-bounds (%d)", __func__,
+ garray[g].numHalfMoves);
+ return -1;
+ }
 garray[g].moveListSize = garray[g].numHalfMoves;
 garray[g].moveList = reallocarray(NULL, sizeof(move_t),
-- cgit v1.2.3
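Review bot: The upper bound in the new `else if` only keeps `numHalfMoves * sizeof(move_t)` from overflowing; a count just under `INT_MAX / sizeof(move_t)` still passes and reaches `reallocarray`, so a single attribute value (presumably read from the game file) can request an allocation close to `INT_MAX` bytes. A domain limit would be tighter, e.g. `garray[g].numHalfMoves > MAX_HALF_MOVES`, where `MAX_HALF_MOVES` is a placeholder for whatever cap the project considers a plausible game length. The reject path also leaves the out-of-range count stored in `garray[g].numHalfMoves` with no move list behind it; if any caller keeps using the game slot after the -1 return, adding `garray[g].numHalfMoves = 0;` before `return -1;` would avoid that. got_attr_value starts and ends outside the hunk and the `reallocarray` call is cut off, so how the value is parsed and whether the allocation result is checked cannot be seen here.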